How DNS Query Works in Windows 2000

This article gives a "behind-the-scenes" look at the complete DNS query process in Windows 2000.

When a DNS client needs to look up a name used in a program, it queries DNS
servers to resolve the name. Each query message the client sends contains the
following three pieces of information, specifying a question for the server
to answer:

A specified DNS domain name stated as a fully qualified domain name (FQDN)

A specified query type, which can either specify a resource record by
type or a specialized type of query operation

A specified class for the DNS domain name. For Windows DNS servers, it
should always be specified as the Internet (IN) class.

For example, the name specified could be the FQDN for a computer, such as "host-a.example.microsoft.com.",
and the query type could be specified to look for an address (A) resource record
by that name. Think of a DNS query as a client asking a server a two-part question,
such as "Do you have any A resource records for a computer named hostname.example.microsoft.com.?"
When the client receives an answer from the server, it reads and interprets
the answered A resource record, learning the IP address for the computer it
asked for by name.

DNS queries resolve in a number of different ways. A client can sometimes answer
a query locally by using cached information obtained from a previous query.
The DNS server can use its own cache of resource record information to answer
a query. A DNS server can also query or contact other DNS servers on behalf
of the requesting client to fully resolve the name, and can then send an answer
back to the client. This process is known as recursion.

In addition, the client itself can attempt to contact additional DNS servers
to resolve a name. When a client does so, it uses separate and additional queries
based on referral answers from servers. This process is known as iteration.

In general, the DNS query process occurs in two parts:

A name query begins at a client computer and is passed to a resolver,
the DNS client service, for resolution.

When the query cannot be resolved locally, DNS servers can be queried
as needed to resolve the name.

Both of these processes are explained in more detail in the following sections.

Part 1: The Local Resolver

As shown in the initial steps of the query process, a DNS domain name is used
in a program on the local computer. The request is then passed to the DNS client
service for resolution using locally cached information. If the queried name
can be resolved, the query is answered and the process is completed.

The local resolver cache can include name information obtained from two possible
sources:

If a Hosts file is configured locally, any host name-to-address mappings
from that file are preloaded into the cache when the DNS client service
is started.

Resource records obtained in answered responses from previous DNS queries
are added to the cache and kept for a period of time.

If the query does not match an entry in the cache, the resolution process continues
with the client querying a DNS server to resolve the name.